The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Excel: memory corruption via HFPicture
An attacker can invite the victim to open a malicious Excel document, in order to execute code on his computer...
OpenView NNM: denial of service
A remote attacker can create a denial of service in HP OpenView Network Node Manager...
HP-UX: privilege elevation via Directory Server
A local attacker can use a vulnerability of HP-UX Directory Server or Red Hat Directory Server for HP-UX, in order to elevate his privileges...
RSA Authentication Agent: file reading
An attacker can use RSA Authentication Agent to read files located outside the web server root...
Cisco IOS: several vulnerabilities
Several Cisco IOS vulnerabilities can be used by an attacker, in order to create a denial of service...
Cisco Unified Communications Manager: denial of service via SIP
An attacker can send a malicious SIP packet, in order to stop Cisco Unified Communications Manager...
TYPO3: vulnerabilities of powermail
An attacker can use several vulnerabilities of the TYPO3 powermail extension, in order to create a Cross Site Scripting or to inject SQL code...
Alcatel OmniVista 4760: buffer overflow of proxy
An attacker can send a long HTTP query to the proxy of Alcatel OmniVista 4760, in order to execute code...
Alcatel OmniTouch CC: administrative access via CCAgent
An unauthenticated attacker can connect to Alcatel OmniTouch Contact Center in order to administer it...
Linux kernel: memory corruption via AF_ROSE
A local attacker can use an AF_ROSE socket in order to corrupt the kernel memory, which leads to a denial of service and possibly to code execution...
Linux kernel: memory corruption via do_io_submit
A local attacker can use io_submit() in order to corrupt the kernel memory, which leads to a denial of service and possibly to code execution...
Linux kernel: denial of service via ftrace
When DebugFS is enabled, a local attacker can use ftrace in order to stop the system...
ClamAV: buffer overflow via PDF
An attacker can send a malformed PDF document, in order to stop ClamAV, and possibly to execute code...
bzip2: integer overflow via RUNA/RUNB
An attacker can create a malicious bz2 document, and invite the victim to open it with bzip2 or an application linked to libbzip2, in order to execute code on his computer...
Adobe Reader, Acrobat: memory corruption via acroform_PlugInMain
An attacker can create a malicious PDF document, and invite the victim to open it, in order to generate a denial of service and possibly to execute code on his computer...
Adobe Reader, Acrobat: memory corruption via AcroForm.api
An attacker can create a malicious PDF document, and invite the victim to open it, in order to generate a denial of service and possibly to execute code on his computer...
ASP.NET: information disclosure via Padding Oracle
An attacker can use ASP.NET as an "oracle" to decrypt information such as the View State object, or read a file such as "web.config"...
IBM DB2 9.7: three vulnerabilities
An attacker can use three vulnerabilities of IBM DB2, in order to execute code or privileged features...
OTRS: two vulnerabilities
An attacker can use several Cross Site Scripting vulnerabilities or a denial of service in OTRS...
Ghostscript: memory corruption via PDF
An attacker can invite the victim to see a malicious PDF document, in order to stop Ghostscript, or to execute code...
Dovecot: change of default ACLs
When the user defines ACLs on his INBOX, they become the default ACLs of Maildir subdirectories...
Apple QuickTime: code execution via DLL Preload
An attacker can use a malicious QuickTime Picture Viewer DLL in order to execute code in Opera...
Linux kernel: privilege elevation via syscall on x86_64
On an x86_64 architecture, a local attacker can use, among others, getsockopt() in a 32-bit process in order to elevate his privileges...
Linux kernel: privilege elevation via ptrace on x86_64
On an x86_64 architecture, a local attacker can ptrace a 32-bit program in order to elevate his privileges...
Word: denial of service via MSO.DLL
An attacker can invite a victim to open a malicious document with Word, in order to stop it...
Lotus Domino: buffer overflow of iCalendar
An attacker can send an iCalendar query with a long "mailto" field, in order to execute code on Lotus Domino...
BIND: denial of service via a Trust Anchor
When BIND uses several Trust Anchors, one of them can send an invalid answer, in order to stop BIND...
Windows: privilege elevation via CSRSS
When the system is configured with a multi-byte locale (Chinese, Japanese or Korean), a local attacker can elevate his privileges...
Windows AD, ADAM: code execution via LSASS
An authenticated attacker can send a malicious LDAP message to the LSASS service of an AD/ADAM/LDS, in order to execute code...
Windows: code execution via WordPad Text Converter
An attacker can invite the victim to open a malicious Word 97 document with WordPad, in order to execute code...

   
